Another Update on Okta’s Latest Breach: From 1% to 100%

New information released.
Emily Hill
Contributing Writer

In previous articles by The National CIO Review, we covered Okta’s latest breach. As more information was slowly released to the public, additional details were revealed and the breach appears to be more far-reaching than initially reported.

So what is the cloud company’s update now? And is the public getting the whole story this time?

A Refresh:

In October of this year, Okta disclosed that its customer support system was infiltrated. The company said that, fortunately, fewer than 1% of clients were impacted. Attackers used stolen login credentials to access an Okta support account, enabling them to pilfer cookies and session tokens used by customer support providers for troubleshooting. However, companies like 1Password, BeyondTrust, and Cloudflare detected and blocked these intrusions before customers were affected.

In early November, Okta released more information to the public regarding the breach and shared that it originated from the compromise of an Okta employee, who inadvertently logged into the service account while using their personal Google profile in Chrome on an Okta-managed laptop. This lapse in security allowed the attacker to gain access to the service account credentials, although the precise method remains unclear.

The New Scoop

While Okta previously believed that only around 200 clients were affected by the breach, new reports reveal that all of the firm’s customer support users were impacted. Okta shared a letter with its clients disclosing the news and said that, as of now, there is no direct evidence of the hackers using the extracted data to target customers. As the company uncovers more information with a digital forensics team, it will update its customers.

The broader breach has increased vulnerabilities for clients, leaving them susceptible to heightened cyberattacks or phishing scams. On the bright side, Okta’s customers with the Department of Defense claim to be unaffected by the incident. However, guards are still up as customers worry about what malicious actors could potentially leverage from the compromised access and data obtained.

The Wrap

Since the original disclosure of this hack, the company has lost over $2 billion in market capitalization. Because of the business Okta is in, it is an easy, high-profile target. In addition, its failure to disclose the breach originally has customers, security experts, industry observers, and the public alarmed.

Go Deeper –> Okta hackers stole data on all customer support users in major breach – CNBC
